Penetration Testing in Windows/Active Directory with Crackmapexec

Crackmapexec is a swiss army knife for pentesting Windows/Active Directory environments. Active Directory (AD) is a directory service that Microsoft developed for Windows domain networks. It is included in most Windows Server operating systems as a set of processes and services.

First of all, to install crackmapexec run the following commands:

apt-get install -y libssl-dev libffi-dev python-dev build-essential

I have already installed all the requirements, which is why the output shows them as already installed, but you will need to install them.

Now we will create a virtual environment for crackmapexec with virtualenvwrapper.

virtualenvwrapper is a set of extensions to the virtualenv tool. The extensions include wrappers for creating and deleting virtual environments and otherwise managing your development workflow, making it easier to work on more than one project at a time without introducing conflicts in their dependencies.

As you can see, the payload is executed successfully and the PowerShell script Invoke-Shellcode.ps1 is run to obtain a reverse Meterpreter shell using the metinject module, which injects Meterpreter directly into memory.

Here -M specifies the module to use.

As you can see, we got the Meterpreter shell.

Author: Himanshu Gupta is an InfoSec Researcher | Technical writer. You can follow him on LinkedIn.